Glossary

This glossary defines the foundational concepts and unified vocabulary used across the ContextUnity repository. For deeper dives, follow the cross-reference links attached to each definition.

Architecture Elements

B2B / Tenant Isolation

The separation of data and operational scope between different organizations (Tenants) within the same centralized database/service. In ContextUnity, this is strictly enforced by PostgreSQL Row-Level Security (RLS) linked to the ContextToken. See: ContextUnity Security Scope

B2C / User Isolation

The fine-grained separation of data between individual users within the same tenant (e.g. personal medical records inside a hospital’s namespace). Enforced via dual-dimensional PostgreSQL RLS (app.current_user).

mTLS (Mutual TLS)

A zero-trust networking concept where both the client and the server cryptographically prove their identity using physical certificates before establishing a TCP connection. See: Transport Security

Protocol & Execution

ContextUnit

The universal data transfer object (DTO) that flows between all ContextUnity services. It standardizes payloads, tracking metadata, trace provenance, and context states, acting as the single ‘blood cell’ of the platform’s nervous system. See: ContextUnit Protocol

ContextToken

A stateless, cryptographically signed JSON Web Token-like structure that carries authentication, permissions, and tenant scope. It eliminates the need for database lookups during service-to-service communication. See: ContextToken Security

RLM (Recursive Language Model)

An inference strategy where an LLM recursively calls itself within a sandboxed REPL environment to decompose complex tasks, overcome context limitations, and execute tools dynamically.

Interceptor

A gRPC middleware component that executes before or after an RPC call. ContextUnity relies heavily on interceptors for automatic token decryption, validation, and permissions enforcement (ServicePermissionInterceptor). See: Security Integration

Bootstrap

The SDK entry point that consumer projects call to register with ContextRouter. Handles manifest loading, prompt signing, Shield session acquisition, and BiDi stream setup in a single function call. See: Project Bootstrap

ErrorRegistry

Protocol-level mapping from stable error code strings (e.g., SECURITY_ERROR) to exception classes. Used to reconstruct typed exceptions from gRPC wire codes across service boundaries. See: Error Handling

Services (The Mesh)

ContextRouter (Mind)

The central intelligence component of the ecosystem. It orchestrates agentic workflows (via Pydantic AI and LangGraph), executes recursive tool calling (RLM), and coordinates requests across the mesh. See: ContextRouter Overview

ContextBrain (Memory)

The semantic memory, knowledge graph, and vector database backing the ecosystem. It provides hybrid RAG search and episodic memory storage, using PostgreSQL (pgvector / ltree). See: ContextBrain Overview

ContextCore (Kernel)

The shared foundation of the ecosystem. It provides the unified ContextUnit protocol, token validation structures, typing, gRPC contracts (.proto), and basic logging/configuration utilities. See: ContextCore Overview

ContextShield (Security)

The enterprise security layer. It provides zero-trust KMS (Key Management) backing for token signing, gRPC Vault APIs for managing application secrets, and the AI Firewall for Prompt Injection defense. See: ContextShield Overview

Privacy & PII Masking (Router)

Built-in PII anonymization and persona engine inside ContextRouter. Redacts Personally Identifiable Information before LLM calls using ephemeral AES-256-GCM encryption and restores originals upon return. Includes configurable entity detection and a persona template system. See: Privacy & PII Masking

ContextCommerce (Platform)

The Product Information Management (PIM) and Harvester platform. Used for large-scale data ingestion, taxonomy classification, and semantic product matching. See: ContextCommerce Overview

ContextWorker (Hands)

The background execution engine built entirely on HashiCorp/Temporal infrastructure. It runs durable, retryable, and long-running workflows (e.g., mass taxonomy classification jobs). See: ContextWorker Overview

ContextView (Observability)

The central observability and admin dashboard. It provides a visual interface for managing tenants, viewing execution traces, configuring project schemas, and interacting with the system as a Human-in-the-Loop. See: ContextView Overview